Firstyear
@Firstyear
So after a TOTP, and you send the challenge, it can respond with "denied" (wrong totp) or "continue: password" to show you now need the password next.
There are certain ways that process could be improved such as letting you have multiple attempts at the password post TOTP, but that would need to wire in with the brute-force tracking.
Once that's all done, we issue a JWT which contains a signed User Auth Token structure, often called UAT. The UAT is pretty minimal, generally it contains a uuid, the displayname/name/spn, and some internal metadata about session limits for the use of that UAT.
hexa
@hexa:lossy.network
[m]
looking at pykanidm that resides in the kanidm repo; is the plan to sync up the version number with kanidm?
or creates separate tags on the same repo?
currently it would be somewhat messy to programmatically check for updates
James Hodgkinson
@yaleman:matrix.org
[m]
hexa: I keep meaning to publish it to pypi, I’ll do that today
I’m pretty sure it’ll have a different release cadence for a while as I’m a cowboy and it’s even more alpha than Kani’s alpha status
hexa
@hexa:lossy.network
[m]
alright, thanks!
James Hodgkinson
@yaleman:matrix.org
[m]
... if I can work out how/why I broke the build so bad in #989 O_o
snek
@devsnek:matrix.org
[m]
any suggestions on how to test something built with webauthn-rs? I guess I'm looking for like a rust software webauthn device? 🤔
James Hodgkinson
@yaleman:matrix.org
[m]
There's softtokens, I vaguely remember @Firstyear working on something related
Firstyear
@Firstyear
@devsnek:matrix.org In webauthn-authenticator-rs there is a soft token you can use.
I can't upload it to crates.io atm though because it depends on a git version of the mozilla library :(
It also supports the ability to do attestation too if you want lol.
snek
@devsnek:matrix.org
[m]
hmmmm
oh i see
basically i just want to validate that the grpc endpoints i added work correctly, so folks in the future don't break them
this crate might work for that
Firstyear
@Firstyear
Yeah, it should do it. If you can't include the crate for now, feel free to either add it as a git dep, or just copy-paste the whole module lol.
snek
@devsnek:matrix.org
[m]
whats the issue with the deps?
crates.io allowed git i thought
Firstyear
@Firstyear
mozilla are dragging their feet to merge and release ctap2 support.
snek
@devsnek:matrix.org
[m]
dang this is a linked list of forks
Firstyear
@Firstyear
Yeeeppp
snek
@devsnek:matrix.org
[m]
the big heading says ctap1/ctap2
oh i see
Firstyear
@Firstyear
So a mate of mine at suse wrote CTAP2 support, mozilla want to merge it, but they are dragging their feet
snek
@devsnek:matrix.org
[m]
unstable ctap2 branch
Firstyear
@Firstyear
Yeah
It's really well done too, Martin did a great job
snek
@devsnek:matrix.org
[m]
you know mozilla hangs out on matrix
u should go bug them
Firstyear
@Firstyear
I already did.
But yeah, they are busy with sandboxing atm
Which I get it, that's important
but you know ... we've like done everything on a silver platter here.
Anyway, I wanted ctap2 support on the kanidm cli for passkeys, so I am using it and there are some extra patches I had to add on top that we will merge "later" because again, mozilla dragging feet.
And no, crates stopped accepting git deps in crate trees.
James Hodgkinson
@yaleman:matrix.org
[m]
dear mozilla plz do the needful asap
James Hodgkinson
@yaleman:matrix.org
[m]
haha
Firstyear
@Firstyear
ROFL
James Hodgkinson
@yaleman:matrix.org
[m]
we need to send microsoft a github-ipv6-plz-cake
Firstyear
@Firstyear
I should
@devsnek:matrix.org Anyway, there is a soft token there, let me know if it helps, and if you want to edit/contribute, more than happy.
snek
@devsnek:matrix.org
[m]
yeye i'll try hooking it up tomorrow
then they can't yell at me for having no tests :)
Firstyear
@Firstyear
:)
I wrote the softtoken so we could test webauthn in kani actually.